Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / intel-ipmi-oem / 9e1831bda03f3360042fbd7825a98c08d37690d0
commit9e1831bda03f3360042fbd7825a98c08d37690d0[log] [tgz]
authorJayaprakash Mutyala <mutyalax.jayaprakash@intel.com>Wed Jun 03 17:05:12 2020 +0000
committerJayaprakash Mutyala <mutyalax.jayaprakash@intel.com>Wed Jun 03 17:05:12 2020 +0000
tree434e6a2faf664574a86b9df68ddfe457261e8fa9
parentfcd2d3a943c4fb518d399d8a0addd1cc661e5628 [diff]
ipmi-whitelist: Restrict cold reset cmd from KCS

Issue: Issuing cold reset command from KCS interface is allowed.

Fix: Restrict cold reset command execution from KCS interface by adding
     channel mask in ipmi-whitelist.conf

Tested:
Verified using ipmitool raw command from Linux OS
1. Set restriction mode as ProvisionedHostWhitelist
Commandi: busctl set-property xyz.openbmc_project.RestrictionMode.Manager
         /xyz/openbmc_project/control/security/restriction_mode
         xyz.openbmc_project.Control.Security.RestrictionMode
                    RestrictionMode s
         "xyz.openbmc_project.Control.Security.RestrictionMode.Modes.
           ProvisionedHostWhitelist"
Response:               //Success
2. Check the restriction mode
Command:  ipmitool raw 0x30 0xb3
Response: 04 00
3. Execute cold reset command from Linux OS terminal
Command:  ipmitool raw 0x06 0x02
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
          cmd=0x2 rsp=0xd5): Command not supported in present state

Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: I8d0b8ae6ef1d12b57ecccda302f31a85eecd8ee9
1 file changed
tree: 434e6a2faf664574a86b9df68ddfe457261e8fa9
  1. include/
  2. non-yocto/
  3. src/
  4. tests/
  5. .clang-format
  6. .gitignore
  7. cmake-format.json
  8. CMakeLists.txt
  9. CMakeLists.txt.in
  10. generate-whitelist.py
  11. ipmi-whitelist.conf
  12. LICENSE
  13. MAINTAINERS